Doreen Crawford

Lexington Park, MD

Summary

I am skilled in risk management, security assessments, and system authorization. Directed system authorization for three major IT systems, ensuring federal compliance and timely ATO.

Qualified cybersecurity professional with robust background in ensuring security and integrity of information systems. Adept at implementing security protocols and responding to potential threats, contributing to secure IT environment. Proven ability to manage security operations and conduct risk assessments efficiently.

Overview

6 years of professional experience
1 Certification

Work History

Information System Security Officer

Avint LLC
Herndon, VA
05.2024 - Current
  • Conduct weekly audits of information system logs to identify and resolve inappropriate activities, supporting organizational compliance.
  • Review audit records of information systems each week to detect inappropriate or unusual activities.
  • Assess adherence to established security baselines by examining network device configurations, resulting in no compliance violations in annual external regulatory audits.
  • Develop and implement a Standard Operating Procedure for system installations and security measures, contributing to a 25% reduction in vulnerabilities and supporting compliance across the organization.
  • Oversee secure key generation and distribution in the PKI, preventing incidents and safeguarding cryptographic integrity for 200+ devices.
  • Establish a cybersecurity knowledge platform, enabling rapid information access for junior analysts and improving team efficiency by 10%.
  • Manage POA&M for 30+ systems, prioritizing remediation based on risk and compliance, achieving a 95% on-time completion rate.
  • Lead VPN security protocol adherence, ensuring all account requests are validated weekly and meet NIST standards.
  • Implement robust data encryption, achieving 100% success in annual SOC2 security audits.
  • Lead documentation updates for certification, securing compliance two months early.
  • Prepare System Security Plans and maintain Plan of Action and Milestones (POA&M).
  • Drive least privilege adoption, preventing unauthorized data access for 200+ employees.
  • Enforce security policies and procedures across all systems and staff.
  • Review and verify system maintenance log records, antivirus updates, and any additional maintenance performed on a system.
  • Perform risk analyses to identify appropriate security countermeasures.
  • Recommend improvements in security systems and procedures.
  • Develop plans to safeguard computer files against modification, destruction, or disclosure.
  • Conduct security audits to identify vulnerabilities.
  • Maintain compliance with industry standards such as HIPAA, GDPR, ISO 27001, and NIST by enforcing strict protocols and controls.
  • Lead incident simulations or tabletop exercises to train team members on proper response procedures, thereby improving overall preparedness for real-world scenarios.
  • Develop comprehensive security policies, procedures, and training materials to strengthen organizational security posture.
  • Support the protection of sensitive data through encryption at rest and in transit using industry-standard algorithms.
  • Establish effective communication channels between cross-functional departments to facilitate prompt exchange of relevant cybersecurity information.
  • Conduct regular risk assessments for proactive identification and mitigation of potential vulnerabilities.
  • Reduce exposure to cyber threats by proactively monitoring the threat landscape for new risks or changes in tactics from adversaries.
  • Streamline vulnerability management by automating scanning, reporting, and remediation tasks.
  • Manage incident response processes, ensuring timely resolution and minimal business impact.
  • Increase user awareness through targeted cybersecurity training programs tailored to employee roles.
  • Collaborate with IT teams to integrate security best practices into system development and operations.
  • Collaborate to design secure networks by applying defense-in-depth principles that minimize attack surfaces while maintaining usability requirements for end users.
  • Optimize secure access controls by implementing multi-factor authentication solutions across all critical systems.
  • Contribute towards reducing overall enterprise risk by consistently analyzing and refining the organization's risk appetite and tolerance levels.
  • Coordinate to enhance network security by implementing robust threat detection and prevention systems.
  • Ensure business continuity by ensuring the development of disaster recovery plans and conducting regular testing exercises.

Lead IT Security Audit Management Analyst

Coalfire Federal
Reston, Virginia
11.2021 - 04.2024
  • Handled email correspondence to ensure prompt responses to PBC requests and inquiries.
  • Coordinated meetings between the agency and auditors, sharing updates and clarifying recommendations.
  • Advised leadership on draft audit findings and reports.
  • Partnered with SMEs, cutting auditor clarification requests by 40% and saving 20+ hours monthly.
  • Streamlined PBC list triage, reducing assessment time by 20% and improving artifact accuracy.
  • Conducted thorough reviews of artifacts to ensure compliance and maintain up-to-date records.
  • Coordinated with subject matter experts, vendors, industry stakeholders, and regulatory agencies to facilitate effective communication.
  • Oversaw the assembly of evidence packages for regulatory audits, resulting in a 15% reduction in average audit cycle time and resolving recurring documentation deficiencies.
  • Monitored assigned audits using a tracking system and provided timely status updates on audits and recommendations as needed.
  • Advised on revisions to audit coordination policies and procedures to address evolving agency requirements.
  • Led information sharing and documentation initiatives during the annual Federal Information Security Modernization Act audit for three consecutive years.
  • Promoted ahead of schedule within 12 months for strong performance and organizational impact.
  • Led security audits across 15+ systems, identifying critical vulnerabilities and reducing data breach risk by 35%.
  • Trained five junior team members in compliance frameworks (HIPAA, PCI DSS), resulting in zero violations during two internal audits.
  • Recognized for security protocol adherence and promoted to lead audit initiatives within a year.
  • Improved operational efficiency by streamlining processes and implementing best practices in management analysis.
  • Developed comprehensive reports, providing valuable insights into business performance and aiding in strategic planning efforts.
  • Served as a subject matter expert on management analysis principles, providing valuable counsel to stakeholders during critical business planning sessions.
  • Performed detailed financial analyses to support budgeting decisions and resource allocation efforts within the company.
  • Provided expert guidance on best practices, resulting in improved overall organizational effectiveness.
  • Optimized project management practices by conducting comprehensive assessments of project plans and timelines, ensuring timely completion of deliverables without compromising quality standards or exceeding budgets.
  • Collaborated with cross-functional teams to identify opportunities for process improvement and increased productivity.
  • Streamlined communication channels between departments by implementing efficient reporting structures that facilitated collaboration among teams.
  • Evaluated existing systems and processes, identifying inefficiencies and recommending modifications for optimal performance.
  • Spearheaded the implementation of innovative tools and technologies designed to improve workflow efficiency throughout the organization.
  • Managed complex projects from inception through execution while maintaining strict adherence to budgetary constraints and timelines.
  • Assisted in change management initiatives, ensuring a smooth transition during organizational restructuring efforts.
  • Conducted gap analyses to pinpoint areas of weakness within the organization and develop targeted solutions for growth.
  • Enhanced decision-making capabilities with thorough research, data analysis, and presentation of findings to stakeholders.
  • Facilitated workshops and training sessions to enhance employees' understanding of new methodologies and techniques in management analysis.
  • Contributed significantly to the development of long-term strategies by working closely with executive leadership on risk assessment, market research, competitor analysis, and industry trends evaluation.
  • Leveraged data-driven insights to optimize resource utilization, leading to increased profitability across various departments within the company.
  • Evaluated current processes to develop improvement plans.
  • Reduced costs for the organization by identifying areas of improvement and recommending cost-saving measures.
  • Streamlined company operations, leading cross-functional teams in process optimization projects.
  • Reduced operational costs by identifying inefficiencies and recommending cost-effective solutions.
  • Enhanced team productivity by implementing agile management practices, adapting quickly to changing priorities.
  • Optimized supply chain operations, analyzing and re-engineering processes to ensure timely delivery.
  • Led development of comprehensive risk management framework, mitigating potential threats to project success.
  • Supported implementation of new IT systems, ensuring seamless integration with existing processes.
  • Developed training program for new analysts, equipping them with essential skills for high performance.
  • Conducted performance evaluations to identify areas for improvement, setting actionable goals for team members.
  • Enhanced stakeholder engagement, organizing regular update meetings to ensure alignment with project goals.
  • Improved organizational agility, leading initiatives to adopt more flexible working arrangements.
  • Assisted in negotiation of key contracts, achieving favorable terms that supported organizational goals.
  • Facilitated workshops on organizational development, fostering culture of continuous improvement.
  • Improved decision-making processes, introducing advanced data analytics techniques.
  • Advised senior management on strategic decisions, leveraging in-depth industry knowledge.
  • Streamlined report generation processes, developing templates that reduced preparation time.
  • Reviewed internal systems and organized training plans to address areas in need of improvement.

IT Security Assessor

Apex Systems
Glen Allen, VA
05.2021 - 11.2021
  • Collected data using questionnaires, interviews, and document reviews for SA&A package preparation.
  • Improved Plan of Action & Milestones and Risk Assessment documents based on monthly threat intelligence, enhancing security protocols.
  • Translated critical security alerts and regulatory updates into actionable guidance, decreasing incident response times and speeding IT remediation.
  • Applied information security requirements throughout the IT System Life Cycle, from requirements to disposition.
  • Led risk assessments with ST&A, documented controls, and closed three high-priority exceptions in one month, surpassing compliance goals.
  • Assessed security risks for 15+ IT systems, ensuring NIST 800-53 compliance and reducing vulnerabilities.
  • Influenced vulnerability scanning across the enterprise network with Nessus, mitigating 95% of high-risk vulnerabilities within 3 months and exceeding the team's quarterly goal.
  • Audited IT security policies and procedures against NIST 800-53 and other frameworks, pinpointed 5 vulnerabilities, and suggested improvements to the security posture that strengthened overall compliance.
  • Evaluated information systems security protocols, recommending and promoting improvements that slashed incident response times by 15 minutes, resulting in a demonstrable enhancement of overall system resilience.
  • Managed workload effectively by prioritizing tasks according to deadlines while maintaining attention to detail in all aspects of the assessment process.

IT Security Analyst

Medical Science and Computing LLC
Rockville, MD
08.2019 - 04.2020
  • Ensured security policies and procedures were in accordance with FISMA, NIST, organizational guidelines, and technical best practices.
  • Updated security protocols and disaster recovery strategies for over 10 systems, resulting in no critical vulnerabilities identified during annual audits and surpassing FISMA compliance requirements by 15%.
  • Developed and reviewed Plan of Action and Milestones (POA&M) for identified vulnerabilities, maintaining compliance through monthly updates.
  • Prepared Assessment & Authorization deliverables including the System Security Plan (SSP), Contingency Plan (CP), and POA&M for review and approval by the Authorization Official.
  • Monitored and facilitated the Security Control Assessment to confirm all controls met requirements as specified in the SSP and NIST SP 800-53 Rev4/5.
  • Applied security frameworks such as ISO/IEC 27001 and the NIST 800 series to strengthen data protection, resulting in a 99% adherence rate across enterprise systems.
  • Coordinated updates to SA&A documentation, integrating key documents such as SAR, SSP, and POA&M, leading to measurable improvements in security assessment scores.
  • Conducted thorough risk assessments for proposed projects or changes in technology infrastructure, highlighting potential vulnerabilities before implementation could begin.
  • Conducted security audits to identify vulnerabilities.

Education

Bachelor of Science - Information Technology

University of Phoenix
Phoenix, AZ
04.2022

Skills

  • NIST Cybersecurity Framework compliance
  • Security Assurance
  • Access Control Management
  • Two-factor authentication
  • Risk Assessment and Mitigation
  • Cybersecurity Training and Awareness
  • Information Assurance and Protection
  • Incident Response Management

Accomplishments

  • Achieved 50% time enhancement through effectively helping with implementing a streamlined ticketing system.
  • Successfully led a risk assessment initiative that identified and mitigated 12 critical vulnerabilities.
  • Streamlined the Assessment & Accreditation process, improving efficiency by 30%.

Certification

  • CompTIA Security+
  • ITIL Foundation
  • CISA
  • AWS Cloud Practitioner

Languages

  • English: Native or Bilingual
  • French: Professional Working
